Vote Smart - Facts For All

OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Protecting Taxpayers and Victims of Unemployment Fraud Act

Floor Speech

By: Darin LaHood

Date: May 11, 2023

Location: Washington, DC

BREAK IN TRANSCRIPT

Mr. LaHOOD. Mr. Speaker, I thank Chairman Smith for yielding.

Mr. Speaker, today, Republicans are following through on our promise to the American people last fall in our commitment to a government that is accountable.

I rise in strong support of H.R. 1163. This long-awaited bill is needed to address the unprecedented levels of fraud in pandemic unemployment programs.

Every dollar going to fraud is a dollar that did not go to those who actually needed it. My home State of Illinois paid out nearly $2 billion in Federal funds for fraudulent unemployment claims, nearly half of the money paid out by the State.

Mr. Speaker, I include in the Record an audit by the State of Illinois Department of Economic Security from June 2020. STATE OF ILLINOIS DEPARTMENT OF EMPLOYMENT SECURITY Individual Nonshared Proprietary Fund, Financial Statements--For the Year Ended June 30, 2021 Performed as Special Assistant Auditors For the Auditor General, State of Illinois Independent Auditor's Report on Internal Control Over Financial

Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance with Government Auditing Standards Hon. Frank J. Mautino Auditor General, State of Illinois

As Special Assistant Auditors for the Auditor General, we were engaged to audit, in accordance with the auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in Government Auditing Standards issued by the Comptroller General of the United States, the financial statements of the Unemployment Compensation Trust Fund (Trust Fund), an individual nonshared proprietary fund of the State of Illinois, Department of Employment Security (Department), as of and for the year ended June 30, 2021, and the related notes to the financial statements, which collectively comprise the Trust Fund's basic financial statements, and have issued our report thereon dated June 3, 2022. Our report disclaims an opinion on such financial statements due to material weaknesses in internal control over one of the benefit payment systems, for which we were unable to obtain sufficient appropriate audit evidence over related amounts. Internal Control Over Financial Reporting

In connection with our engagement to audit of the financial statements, we considered the Department's internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate in the circumstances for the purpose of expressing our opinion on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the Department's internal control. Accordingly, we do not express an opinion on the effectiveness of the Department's internal control.

A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A material weakness is a deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

Our consideration of internal control was for the limited purpose described in the first paragraph of this section and was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies and, therefore, material weaknesses or significant deficiencies may exist that have not been identified. We did identify certain deficiencies in internal control, described in the accompanying Schedule of Findings as items 2021-001 through 2021-003 that we consider to be material weaknesses. Compliance and Other Matters

In connection with our engagement to audit the financial statements of the Trust Fund, we performed tests of its compliance with certain provisions of laws, regulations, contracts, and grant agreements, noncompliance with which could have a direct and material effect on the financial statements. However, providing an opinion on compliance with those provisions was not an objective of our audit and, accordingly, we do not express such an opinion. The results of our tests disclosed instances of noncompliance or other matters that are required to be reported under Government Auditing Standards and which are described in the accompanying Schedule of Findings as items 2021-001 through 2021-003. Additionally, if the scope of our work had been sufficient to enable us to express an opinion on the financial statements of the Trust Fund, other instances of noncompliance or other matters may have been identified and reported herein. Department's Responses to the Findings

The Department's responses to the findings identified in our engagement are described in the accompanying Schedule of Findings. The Department's responses were not subjected to the auditing procedures applied in the engagement to audit the financial statements and, accordingly, we express no opinion on the responses. Purpose of this Report

The purpose of this report is solely to describe the scope of our testing of internal control and compliance and the results of that testing, and not to provide an opinion on the effectiveness of the entity's internal control or on compliance. This report is an integral part of an engagement to perform an audit in accordance with Government Auditing Standards in considering the entity's internal control and compliance. Accordingly, this communication is not suitable for any other purpose. Current Findings--Government Auditing Standards Finding 2021-001--Failure to Implement General Information Technology

Controls Over the Pandemic Unemployment Assistance System

The Department of Employment Security (Department) failed to implement general Information Technology (IT) controls over the Pandemic Unemployment Assistance (PUA) System (System).

In April 2020, the Department contracted with a service provider to provide the System as a Software as a Service (SaaS) and to provide hosting services for the System. The service provider maintained full control over the system.

In order to determine if general IT controls were suitably designed and operating effectively over the System, we requested the Department provide a System and Organization Control (SOC) report for the service provider. As was noted in the prior audit, the Department could not provide a SOC report, as the service provider's contract did not require the service provider to undergo a SOC examination. Therefore, we conducted testing of the general IT control of the System. Change Control

As was noted in the prior audit, the service provider's developers continued to have access to the production environment. As a result, we were unable to determine if the developers made unauthorized changes to the environment, application, and data. Security

The Department had not implemented internal controls over the System's access. Disaster Recovery

The Department had not implemented disaster recovery controls.

The Security and Privacy Controls for Information Systems and Organizations (Special Publication 800-53, Fifth Revision) published by the National Institute of Standards and Technology (NIST), Maintenance and System and Service Acquisition sections, require entities outsourcing their IT environment or operations to obtain assurance over the entities' internal controls related to the services provided. Such assurance may be obtained via System and Organization Control reports or independent reviews. In addition, the Access Control section, sanctions the implementation of internal controls over access. The Configuration Management section also enforces logical restrictions with changes to systems. Further, the Contingency Planning section makes compulsory the development of a detailed disaster recovery plan.

The Fiscal Control and Internal Auditing Act (30 ILCS 10/ 3001) requires all State agencies to establish and maintain a system, or systems, of internal fiscal and administrative controls to provide assurance funds, property, and other assets and resources are safeguarded against waste, loss, unauthorized use and misappropriation and maintain accountability over the State's resources.

The Department indicated the service provider's contract did not require a SOC report to be provided. Additionally, the Department indicated competing priorities resulted in the other weaknesses.

As a result of the lack of general IT controls over the System, we were unable to rely on the System and the proper determination of claimant eligibility data and benefits paid. Furthermore, as a result of the lack of internal controls identified in this finding and finding 2021-002, we are unable to obtain sufficient documentation to determine if the Department's Fiscal Year 2021 financial statements are fairly presented. Therefore, we are issuing a disclaimer of opinion over the Department's Fiscal Year 2021 Unemployment Compensation Trust Fund financial statements. (Finding Code No. 2021-001, 2020-001) Recommendation

We recommend the Department ensure the service provider's contract requires obtaining a SOC report or an independent review. We also recommend the Department ensure the service provider's developers' access is restricted and changes are appropriate. Further, we recommend the Department develop and implement security controls and disaster recovery controls. Department Response

IDES accepts the auditor's recommendation. In 2021, IDES took action to address the points raised in the finding. The improvements to the PUA system were implemented within a timeframe that did not impact the entire 2021 audit period. As recommended, a contract is in place requiring the PUA system service provider to secure a SOC report for FY22. The system access of the PUA service provider's developers has been restricted and accurately documented. In addition, documentation for PUA system disaster recovery, as well as security controls, are in place and have been reviewed and documented. Finding 2021-002--Failure to Maintain Accurate and Complete Pandemic Unemployment Assistance Claimant Data

The Department of Employment Security (Department) failed to maintain accurate and complete Pandemic Unemployment Assistance (PUA) claimant data.

On March 27, 2020, the President of the United States signed the Coronavirus Aid, Relief, and Economic Security (CARES) Act which provided states the ability to provide unemployment insurance to individuals affected by the pandemic, including those who would not normally be eligible for unemployment. Based on the Department's records, as of June 30, 2021, 424,887 claimants had received benefits totaling $8,168,499,998.

From June 2021 through January 2022, the Department attempted to provide complete and accurate PUA claimant data in order to determine if the claimants were properly determined eligible. After several attempts and considerable manipulation of the data to make the data more auditable and organized, it was determined complete and accurate PUA claimant data could not be provided. Therefore, we were unable to conduct detailed testing to determine whether the PUA claimants were entitled to benefits.

Also, due to these conditions, we were unable to conclude the PUA claimant data records were complete and accurate under the Professional Standards promulgated by the American Institute of Certified Public Accountants (AU-C 500.08 and AT-C 205.35).

The Department indicated the PUA system limitations and data entry errors resulted in the weaknesses.

Due to the inability to conduct detailed claimant testing, we were unable to determine whether the Department's financial statements accurately document the PUA benefits paid during Fiscal Year 2021. Therefore, we are issuing a disclaimer of opinion over the Department's Fiscal Year 2021 Unemployment Compensation Trust Fund financial statements. (Finding Code No. 2021-002) Recommendation

We recommend the Department implement controls to ensure the claimants' data is complete and accurate. Department Response

IDES accepts the auditor's recommendation. The department continues to work with the PUA system service provider and the Department of Innovation and Technology (DoIT) staff to refine the PUA database information and develop a reporting structure that conforms with auditors' expectations. Errors and anomalies within the PUA system have been identified and are being addressed to ensure claimant data is complete and reliable. Finding 2021-003--Failure to Perform Timely Cash Reconciliations

The Department of Employment Security (Department) did not prepare its year end bank reconciliations timely.

As part of our engagement, we requested the June 30, 2021 bank reconciliations. The reconciliations are between cash as recorded in the Department's general ledger, and cash as reported by the bank for each account. The Department did not have the reconciliations prepared timely for audit fieldwork and we received the final versions of the June 2021 reconciliations on December 23, 2021.

The timely reconciliation of cash accounts is a basic control procedure that should occur every month to determine the recorded amount of cash is accurate. Normally this procedure is performed shortly after the end of the month upon receipt of the bank statement. Most organizations have a regular monthly accounting schedule whereby the monthly general ledger cannot be closed without the preparation of the cash reconciliation.

Concepts Statement No. 1 of the Governmental Accounting Standards Board, Objectives of Financial Reporting (GASBCS 1, paragraph 64), states, ``Financial reporting should be reliable; that is, the information presented should be verifiable and free from bias and should faithfully represent what it purports to represent. To be reliable, financial reporting needs to be comprehensive.'' The reconciliation of cash accounts is a basic control to ensure the accuracy and reliability of financial reports.

The Fiscal Control and Internal Auditing Act (30 ILCS 10/ 3001) requires State agencies to establish and maintain a system, or systems, of internal fiscal and administrative controls to ensure State resources are used efficiently and effectively. This includes the timely performance of bank reconciliations.

Department management indicated the weaknesses were due to turnover in personnel and the inability to quickly move employees into this area to perform this function as workloads increased significantly as a result of the new CARES Act unemployment programs.

Since the Department has numerous cash transactions every month, the risk of error due to misapplied cash transactions is significant. Monthly there can be over $1 billion in cash that flows through the Department's various cash accounts. Monthly and annual financial statements could be materially misstated due to the lack of timely bank reconciliations. Failure to properly complete timely bank reconciliations could also result in a misuse or misappropriation of cash that could go undetected. (Finding Code No. 2021-003, 2020- 004) Recommendation

The Department should prepare a monthly reconciliation for every cash account, reconciling the bank and general ledger balances. Each monthly bank reconciliation should be timely completed and reviewed and approved by a supervisor. Department Response

IDES accepts the auditor's recommendation. In 2021, IDES contracted with a professional accounting firm to assist department staff with the cash reconciliation work required for seven programs, including the new federal programs such as PUA and PEUC that were enacted in response to the pandemic. In consultation with a professional accounting firm, department procedures are undergoing review and revision to ensure cash reconciliations for all programs are completed on a timely basis. Prior Findings Not Repeated

A. Failure to Accurately Determine Claimants' Eligibility for Pandemic Unemployment Assistance:

In the prior audit, the Department of Employment Security (Department) failed to ensure Pandemic Unemployment Assistance claimants met eligibility requirements.

In the current audit, the Department was unable to provide complete and accurate claimant data. Therefore, we were unable to conduct detailed testing as noted in Finding 2021- 002. We will review the Department's progress in the next audit. (Finding Code No. 2020-002)

B. Inadequate Controls over Pandemic Unemployment Assistance Program Processes:

During the prior audit, the Department did not implement adequate controls over the Pandemic Unemployment Assistance (PUA) program processes.

In the current audit, as noted in Finding 2021-002, the Department was unable to provide complete and accurate claimant data. Therefore, we were unable to conduct detailed testing. We will review the Department's progress in the next audit. (Finding Code No. 2020-003)

C. Inadequate Controls over Accruals:

During the prior audit, the Department did not have sufficient internal control over the determination of accruals for payments related to both the Unemployment Insurance program (UI) and the Pandemic Unemployment Assistance Program (PUA).

D. Inadequate Controls over Receivable Allowance:

During the prior audit, the Department did not have sufficient internal control over the estimate of the allowance for doubtful accounts recorded in its financial statements.

E. Inadequate Controls over GenTax Access:

During the prior audit, the Department did not ensure adequate security over the enterprise-wide tax system (GenTax).

In the current audit, sample testing did not contain significant errors that would affect the financial statements. (Finding Code No. 2020-007, 2019-005, 2018-008)

BREAK IN TRANSCRIPT

Mr. LaHOOD. Those fraudsters acted with intent and malice and diverted critical relief for unemployed workers. Early on in the pandemic, multiple red flags were raised by law enforcement agencies about the threat of fraudsters using stolen identities to file false unemployment claims.

The U.S. Secret Service raised the first alarm issuing an alert memo in May 2020 warning of a well-organized Nigerian crime ring exploiting the COVID-19 crisis to commit large-scale fraud against State unemployment insurance programs.

Mr. Speaker, I include in the Record that memo from the U.S. Secret Service. May 14, 2020. From: United States Secret Service.

Massive Fraud Against State Unemployment Insurance Programs

The United States Secret Service has received reporting of a well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs. The primary state targeted so far is Washington, while there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida. It is extremely likely every state is vulnerable to this scheme and will be targeted if they have not been already.

In the state of Washington, individuals residing out-of- state are receiving multiple ACH deposits from the State of Washington Unemployment Benefit Program, all in different individuals' names with no connection to the account holder. A substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees. It is assumed the fraud ring behind this possess a substantial PII database to submit the volume of applications observed thus far.

This fraud network is believed to consist of hundreds, if not thousands, of mules with potential losses in the hundreds of millions of dollars. The banks targeted have been at all levels including local banks, credit unions, and large national banks.

Please communicate the information regarding this fraud to the appropriate office at your local state level and liaison with local financial institutions to identify mules and potential seizures.

BREAK IN TRANSCRIPT

Mr. LaHOOD. Mr. Speaker, the public needed to know what was happening to these funds, yet not a single oversight hearing was held at the time. Democrats turned a blind eye to the fraud and rejected Republican efforts to stop it.

While considering the American Rescue Act in committee, Democrats rejected Republican amendments that would have stopped the ``pay and chase'' model of benefit delivery.

In September of 2022, Democrats voted against a resolution of inquiry demanding communications showing the Department of Labor had knowledge of unemployment insurance dollars flowing to international crime syndicates.

Now, today, Republicans are taking action.

We will not turn our backs and walk away from the greatest theft of taxpayer dollars in American history.

Currently, State workforce agencies have little incentive to pursue costly investigations and prosecutions that do not pay out. This bill here today, H.R. 1163, will jump-start efforts to recover what we can by making the juice worth the squeeze for States still working through a backlog of suspicious unemployment claims and appeals.

The number of individuals or entities facing UI fraud-related charges has grown since March 2020 and will continue to increase as these cases take time to develop.

Based on an analysis of the U.S. Department of Justice from January 13, 2023, Federal charges were pending against up to 240 individuals for attempting to defraud pandemic UI programs.

States that take the initiative will be allowed to retain a portion of the recovered funds to prevent future fraud by using the recovery reward to improve program integrity, including hiring investigators to go after criminals and modernizing State systems.

BREAK IN TRANSCRIPT

Mr. LaHOOD. Mr. Speaker, this bill allows a State to retain 5 percent of the recovered UI overpayments. This includes having commonsense procedures in place, like preventing UI benefit payments from going to incarcerated people and deceased people.

We have an opportunity today to gain some restitution for American taxpayers.

Mr. Speaker, I urge my colleagues to support H.R. 1163.

BREAK IN TRANSCRIPT

Source

Protecting Taxpayers and Victims of Unemployment Fraud Act

Floor Speech

Navigation

Our Mission